Mailing List Archive

Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
I posted this first on the Apache mailing list, one person mentioned as this is mod_perl related I should post it here, so here it is.

I have just started upgrading all of my CentOS servers from 6.X to 7.X, with that Apache gets upgraded from 2.2 to 2.4, but it seems mod_perl has not increased the version number.

While I have fixed most of the issues related to the upgrade of Apache, one I cannot solve is the "PerlAuthenHandler Authen::Simple::IMAP" in .htaccess files.

I use this rather frequently on many machines as it is real easy for me to look after this.

Using apache 2.2 this used to work like a charm with an .htaccess file in the directory to protect:

satisfy any
Order deny,allow
deny from all

AuthName "Protected by IMAP credentials"
AuthType Basic
require user USER1 USER2
PerlAuthenHandler Authen::Simple::IMAP
PerlSetVar AuthenSimpleIMAP_host "CENTRAL.IMAPS.SERVER.HOST.NAME"
PerlSetVar AuthenSimpleIMAP_protocol "IMAPS"

allow from localhost
allow from THESERVER

I re-wrote this for apache 2.4 (not repeating the perl stuff which is the same in both) but same .htaccess file

<RequireAll>
Require user USER1 USER2
# do not turn this off, or else this will not work.
Require ip 127.0.0.1
Require host localhost
Require host THESERVER
</RequireAll>

In the server's httpd.conf file I have:

PerlRequire /etc/httpd/conf/startup.pl

which contains this:

#!/bin/env /usr/bin/perl
use strict;
use warnings;
use Authen::Simple::IMAP;
1;

This loads with no error messages (this also means mod_perl is working).

The problem really is:

==> error_log <==
failed to resolve handler Authen::Simple::IMAP
failed to resolve handler Authen::Simple::IMAP
failed to resolve handler Authen::Simple::IMAP
failed to resolve handler Authen::Simple::IMAP

The browser page displays a "Secure connection failed" which is crap as the certificate and everything is in perfect condition.


How can I make this work with apache 2.4?
What am I doing wrong?


thanks
Jobst



--
If a pig loses its voice, is it disgruntled?

| |0| | Jobst Schmalenbach, General Manager
| | |0| Barrett & Sales Essentials
|0|0|0| +61 3 9533 0000, POBox 277, Caulfield South, 3162, Australia
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
On 2/19/2019 5:33 PM, Jobst Schmalenbach wrote:
>
> While I have fixed most of the issues related to the upgrade of
> Apache one I cannot solve is the "PerlAuthenHandler
> Authen::Simple::IMAP" in .htaccess files.
The authentication/authorization API changed between 2.2/2.4, if this
module has not been updated to accommodate that, there is no way to fix
this issue other than updating the module to work with the new API.

Where does this module come from? The only thing I can find is:

https://metacpan.org/pod/Authen::Simple

which does not appear to include an IMAP component.
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
* Paul B. Henson <henson@acm.org> wrote:

> On 2/19/2019 5:33 PM, Jobst Schmalenbach wrote:
> >
> >While I have fixed most of the issues related to the upgrade of
> >Apache one I cannot solve is the "PerlAuthenHandler
> >Authen::Simple::IMAP" in .htaccess files.
> The authentication/authorization API changed between 2.2/2.4, if this module
> has not been updated to accommodate that, there is no way to fix this issue
> other than updating the module to work with the new API.
>
> Where does this module come from? The only thing I can find is:
>
> https://metacpan.org/pod/Authen::Simple
>
> which does not appear to include an IMAP component.

Found this on CPAN:

Module < Authen::Simple::IMAP (DMARTIN/Authen-Simple-IMAP-0.1.2.tar.gz)


-Jie
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
On 2/19/2019 6:02 PM, Jie Gao wrote:
>
> Found this on CPAN:
>
> Module < Authen::Simple::IMAP (DMARTIN/Authen-Simple-IMAP-0.1.2.tar.gz)

Hmm, perhaps I should have searched CPAN directly rather than relying on
Google :). Thanks for the pointer…

The last update for this module was in 2009; Apache 2.4 was released in
2012, so without even looking at the code I am fairly confident the
module does not support it.

The documentation comment "I've never tried this in mod_perl, so
including the mod_perl example in the synopsis is pure hubris on my
part" is also perhaps illuminating :).

Hmm, actually, it looks like the module in need of update is
Authen::Simple::Apache, not Authen::Simple::IMAP itself. That one was
last released in April 2012, but does not appear to include Apache 2.4
support. You could try contacting the author of that module to ask if he
would be willing to update it?

Or if you are handy at coding, you could try to update it yourself, or
contract somebody to do it for you.

There are a few other authentication modules out there with 2.4 support
that could serve as examples, including

https://metacpan.org/pod/Apache2::AuthCASpbh

:).
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
On Wed, Feb 20, 2019 at 02:02:54AM +0000, Jie Gao (j.gao@sydney.edu.au) wrote:
> * Paul B. Henson <henson@acm.org> wrote:
>
> >
> > https://metacpan.org/pod/Authen::Simple
> >
> > which does not appear to include an IMAP component.
>
> Found this on CPAN:
>
> Module < Authen::Simple::IMAP (DMARTIN/Authen-Simple-IMAP-0.1.2.tar.gz)

That is correct.

Jobst


--
Don't blink or you miss it!

| |0| | Jobst Schmalenbach, General Manager
| | |0| Barrett & Sales Essentials
|0|0|0| +61 3 9533 0000, POBox 277, Caulfield South, 3162, Australia
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
On Tue, Feb 19, 2019 at 06:14:53PM -0800, Paul B. Henson (henson@acm.org) wrote:
> On 2/19/2019 6:02 PM, Jie Gao wrote:
> > Found this on CPAN:
> >
> > Module < Authen::Simple::IMAP (DMARTIN/Authen-Simple-IMAP-0.1.2.tar.gz)
>
> Hmm, perhaps I should have searched CPAN directly rather than relying on
>
> :).

Is there nothing else that provides IMAP connection/login/query?

Jobst



--
You seem (in my (humble) opinion (which doesn't mean much)) to be (or possibly could be) more of a Lisp programmer (but I could be (and probably am) wrong)

| |0| | Jobst Schmalenbach, General Manager
| | |0| Barrett & Sales Essentials
|0|0|0| +61 3 9533 0000, POBox 277, Caulfield South, 3162, Australia
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
On Tue, Feb 19, 2019 at 06:14:53PM -0800, Paul B. Henson (henson@acm.org) wrote:
> On 2/19/2019 6:02 PM, Jie Gao wrote:
> > Found this on CPAN:
> >
> > Module < Authen::Simple::IMAP (DMARTIN/Authen-Simple-IMAP-0.1.2.tar.gz)
>
> The last update for this module was in 2009; Apache 2.4 was released in
> 2012, so without even looking at the code I am fairly confident the module
> does not support it.
>
> Authen::Simple::Apache, not Authen::Simple::IMAP itself. That one was last
>

There are actually a few issues here and it's not

- Authen::Simple::Apache
- Authen::Simple::IMAP

It has to do with the .htaccess file, I just got a login box.
I saw this:

https://www.gsp.com/cgi-bin/man.cgi?topic=Authen::Simple::Passwd

which has a different setup than the .htaccess I specified

PerlModule Authen::Simple::Apache
PerlModule Authen::Simple::Passwd
PerlSetVar AuthenSimplePasswd_path "/etc/passwd"

PerlAuthenHandler Authen::Simple::Passwd
AuthType Basic
AuthName "Protected Area"
Require valid-user

They are ACTUALLY specifying the MODULES which I did not do.


Need to play some hockey first .. BBL
Jobst






--
People without trees are like fish without clean water!

| |0| | Jobst Schmalenbach, General Manager
| | |0| Barrett & Sales Essentials
|0|0|0| +61 3 9533 0000, POBox 277, Caulfield South, 3162, Australia
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
Have you tried adding "Require all granted" inside the directory tag?



--
John Dunlap
CTO | Lariat

Direct:
john@lariat.co

*Customer Service:*
877.268.6667
support@lariat.co
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
On Wed, Feb 20, 2019 at 02:11:14PM +0000, John Dunlap (John@lariat.co) wrote:
> Have you tried adding "Require all granted" inside the directory tag?

That would defeat the purpose of my problem.
If I do "Require all granted" the directory would not be protected,
the password query would not come up and the IMAP module would not be required.





--
If proof denies faith, and uncertainty denies proof, then uncertainty is proof of God's existence.

| |0| | Jobst Schmalenbach, General Manager
| | |0| Barrett & Sales Essentials
|0|0|0| +61 3 9533 0000, POBox 277, Caulfield South, 3162, Australia
Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
* Jobst Schmalenbach <jobst@barrett.com.au> wrote:

> I posted this first on the Apache mailing list, one person mentioned as this is mod_perl related I should post it here, so here it is.
>
> I have just started upgrading all of my CentOS servers from 6.X to 7.X, with that Apache gets upgraded from 2.2 to 2.4, but it seems mod_perl has not increased the version number.
>
> While I have fixed most of the issues related to the upgrade of Apache, one I cannot solve is the "PerlAuthenHandler Authen::Simple::IMAP" in .htaccess files.
>
> I use this rather frequently on many machines as it is real easy for me to look after this.
>
> Using apache 2.2 this used to work like a charm with an .htaccess file in the directory to protect:
>
> satisfy any
> Order deny,allow
> deny from all
>
> AuthName "Protected by IMAP credentials"
> AuthType Basic
> require user USER1 USER2
> PerlAuthenHandler Authen::Simple::IMAP
> PerlSetVar AuthenSimpleIMAP_host "CENTRAL.IMAPS.SERVER.HOST.NAME"
> PerlSetVar AuthenSimpleIMAP_protocol "IMAPS"
>
> allow from localhost
> allow from THESERVER
>
> I re-wrote this for apache 2.4 (not repeating the perl stuff which is the same in both) but same .htaccess file
>
> <RequireAll>
> Require user USER1 USER2
> # do not turn this off, or else this will not work.
> Require ip 127.0.0.1
> Require host localhost
> Require host THESERVER
> </RequireAll>

Not sure how you went with this issue, but you might want to try this instead:

<RequireAll>
Require user USER1 USER2
<RequireAny>
Require ip 127.0.0.1
Require host localhost
Require host THESERVER
</RequireAny>
</RequireAll>

Regards,


Jie

(I am currently having problems sending to/receiving from the list with my posts at the moment.)


Re: Apache upgrade 2.2 -> 2.4 and "PerlAuthenHandler Authen::Simple::IMAP"
On Thu, Feb 21, 2019 at 02:35:22AM +0000, Jie Gao (j.gao@sydney.edu.au) wrote:
> * Jobst Schmalenbach <jobst@barrett.com.au> wrote:
>
> Not sure how you went with this issue, but you might want to try this instead:
>
> <RequireAll>
> Require user USER1 USER2
> <RequireAny>
> Require ip 127.0.0.1
> Require host localhost
> Require host THESERVER
> </RequireAny>
> </RequireAll>
>

Does not make a difference. If you read

http://httpd.apache.org/docs/trunk/upgrading.html

it states a little bit further down related to the old "satisfy any" (which is what I want)

2.4 configuration:
AuthType Basic
AuthBasicProvider file
AuthUserFile /example.com/conf/users.passwd
AuthName secure
# Implicitly <RequireAny>
Require valid-user
Require ip 127.0.0.1

So it's implicit, which actually I understand.


As I said too, I have a login box (a couple of emails before yours) ... so it is actually loading everything as expected.
I am currently fixing this:

Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER

BBL with report how to get the entire thing to work with the

Authen::Simple::IMAP
Net::IMAP::Simple;


Jobst




--
When the Pope visits a country he really likes, does he french kiss the ground?????????

| |0| | Jobst Schmalenbach, General Manager
| | |0| Barrett & Sales Essentials
|0|0|0| +61 3 9533 0000, POBox 277, Caulfield South, 3162, Australia
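
Added example, not part of the thread and not code from Authen::Simple::IMAP or Authen::Simple::Apache: a stand-alone mod_perl 2 PerlAuthenHandler that checks Basic credentials against an IMAPS server through Net::IMAP::Simple with certificate verification switched on, which is the setting the SSL_verify_mode warning above asks for. The package name My::AuthenIMAP and the PerlSetVar name AuthenIMAP_host are hypothetical; it assumes a mod_perl build that works with Apache 2.4 and would sit next to the thread's AuthType Basic / Require user lines as "PerlAuthenHandler My::AuthenIMAP".

```perl
package My::AuthenIMAP;    # hypothetical package name, not a CPAN module
use strict;
use warnings;
use Apache2::RequestRec  ();    # $r->user
use Apache2::RequestUtil ();    # $r->dir_config
use Apache2::Access      ();    # get_basic_auth_pw, note_basic_auth_failure
use Apache2::Log         ();    # $r->log_error
use Apache2::Const -compile => qw(OK HTTP_UNAUTHORIZED SERVER_ERROR);
use IO::Socket::SSL qw(SSL_VERIFY_PEER);
use Net::IMAP::Simple ();

sub handler {
    my $r = shift;
    # OK plus the password if Basic credentials were sent; any other
    # status is passed back so Apache issues the 401 challenge itself.
    my ($status, $password) = $r->get_basic_auth_pw;
    return $status unless $status == Apache2::Const::OK;

    my $user = $r->user;
    my $host = $r->dir_config('AuthenIMAP_host');    # hypothetical PerlSetVar
    unless (defined $host && length $host) {
        $r->log_error('AuthenIMAP_host is not set');
        return Apache2::Const::SERVER_ERROR;
    }
    # Fail closed on empty credentials or control characters (CR/LF
    # must never reach the IMAP LOGIN command).
    if (!length($user // '') || !length($password // '')
        || "$user$password" =~ /[\x00-\x1f\x7f]/) {
        $r->note_basic_auth_failure;
        return Apache2::Const::HTTP_UNAUTHORIZED;
    }
    # Verify the server certificate and the name it was issued for,
    # instead of relying on the deprecated SSL_VERIFY_NONE default.
    my $imap = Net::IMAP::Simple->new($host, port => 993, use_ssl => 1, timeout => 10,
        ssl_options => [ SSL_verify_mode   => SSL_VERIFY_PEER,
                         SSL_verifycn_name => $host ]);
    unless ($imap) {    # unreachable server or failed verification: deny
        $r->log_error("IMAPS connect to $host failed: " . ($Net::IMAP::Simple::errstr // '?'));
        return Apache2::Const::SERVER_ERROR;
    }
    my $ok = $imap->login($user, $password);
    $imap->quit;
    return Apache2::Const::OK if $ok;

    $r->log_error("IMAP login rejected for user '$user'");    # never log the password
    $r->note_basic_auth_failure;
    return Apache2::Const::HTTP_UNAUTHORIZED;
}
1;
```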